This thread is primarily aimed at Windows users but others may, of course, chip in. For the record I use the free Sophos anti-virus package for my MacBook Air.

But this post is about Windows 7 (Ultimate x64) and my decision to dump Kaspersky ISS 2011 on my main machine. My reason is documented at great length here but, to be fair, I've not seen a similar performance issue on my much simpler Media PC.

Anyway, having over the years run anti-virus software from PC Tools, McAfee, ZoneAlarm, Norton/Symantec and most recently Kaspersky I seem to see a repeating trend: the software starts out lean, mean and fit for purpose and ends up bloated, cranky and occasionally quite offensive. A bit like me as I progress past middle age.

After reading a few reviews and, in particular, taking note of the excellent scores (both in the "On-Demand Comparative" and "Retrospective/Proactive" tests) at AV Comparatives I've installed a trial of G Data's InternetSecurity 2011. A number of reviews have pointed out that this program has a fairly large RAM footprint but the detection/protection rates appear to be inarguably excellent. And, in stark contrast to my recent 12 to 120 second delay in start up courtesy of Kaspersky, I'm getting from Password to Desktop in just five seconds with a fresh install of G Data InternetSecurity 2011. If that changes I'll keep you posted. First impressions are very good - the interface is deceptively simple but you can drill down into some quite detailed settings if you want to. Best of all, so far at least, the program is unobtrusive though no doubt I'll be getting a few reminders as I get towards the end of my thirty day trial. Pricing looks quite attractive too, with only a very modest supplement for a 3 PC licence over the cost of protecting just one machine.

So what ISS or Anti-Virus software do you use? There'll be lots of forum members who use the more common packages but it would also be good to hear from those who use the slightly more unusual ones.

Bob.

P.S. Beware the increasingly common fake anti-virus packages. According to this PC Pro article the top fake anti-virus programs, with percentage of infections, are:

I'm mostly using Linux but I sometimes need Windows too. I have Avira on Windows because it's free and doesn't take much performance, but the updater is annoying. It minimizes games at the worst moment.

Thanks for the feedback so far. I was certainly tempted by Avira but then I read a review which asserted that one of its components couldn't be used on 64 bit versions of Windows, a fact confirmed by Avira here. But try finding that out from the Avira main product pages! That left me in doubt about the validity of the excellent "On-Demand Comparative" test score at AV Comparatives. AV Comparatives gave AVG a score of just 73.1% for "Scripts" in their August test and Microsoft Security Essentials fared little better at 88.1%. Sophos was as bad as AVG at blocking malicious scripts, a fact I am not happy acknowledging as I'm currently using Sophos on a Mac though at least OS X is, as I understand it, more resistant to attack in its own right.

By comparison my own choice of G Data to replace Kaspersky on Windows 7 x64 achieved a 99.9% score on scripts and, coincidentally, a 99.9% overall score. Kaspersky's figures were 93.5% and 98.3%.

But, as I understand it, these tests were done against known threats that arguably should have been included in the anti-virus signature updates which, to my untutored eye, makes any score not in the high nineties quite surprising.

At least as interesting is the performance of the various programs when tested with slightly out of date signature updates. The most recent one that AV Comparatives have done was back in February this year. They tested new malware that had appeared in just one week since the last signature update and the detection rates for worms, backdoors, trojans and other threats dropped dramatically. Overall scores were 53% for Avira, 34% for AVG, 61% for G Data, 59% for Kaspersky, and 59% for Microsoft. A graphic illustration of why it's important to let one's security suite keep itself up to date as frequently as possible. I don't have figures for any others but I'm happy to report that G Data updates every hour.

By the way, as I've quoted very selectively from the AV Comparatives reports I think I should urge those interested to read the reports in detail together with their testing methodology. They test 20 products each time and while they concentrate very much on just one aspect of performance I think the data they provide is essential reading when used in conjunction with the more usual magazine style reviews.

I currently run... NONE on my main system. Guaranteed no performance drop! I have yet to find one unintrusive enough for me to put up with.

The biggest two issues I have in general are:
1 - excessive slowdown, particularly when accessing large files
2 - excessive false positives, particularly of "potentially unwanted software"

The only AV I've even stood to install have allowed me to install and TURN OFF all scanning except manual on demand, without nagging continuously that it wasn't turned on. That was the older versions of AVG but they've since gone the way of the bloat. MSSE is now the least worst to me.

Sorry, but to me the whole AV industry is built on invoking unnecessary paranoia. I do a manual scan occasionally and I haven't had a confirmed virus or malware in a decade.

OK, I'll 'fess up and admit I don't run any anti-virus software on one of my Windows machines. Mind you, it's not connected to the Internet or any other computer at all!

With the proliferation of buffer overrun vulnerability discoveries, some of which have actively been used in the wild (example), I think you might be walking a bit of a tightrope. And rootkits can defeat some scans. That said, if one is scrupulously careful in one's use of the Net and one has a solid hardware firewall then maybe one can survive without being compromised...

As a system administration student with a passion for security, I can confirm what Bob says. Viruses are soooo 2002, drive-by exploits are where it's at. You could be infected by a buffer overflow in Flash, which installs a rootkit into your system and you could never know it (because virus scanners essentially rely on the kernel to list the files, and that's where a rootkit sets up shop).

_________________I take pictures so quickly, my highschool was "Continuous High".

As a matter of routine I do keep an eye on network and processor usage, so if there was anything doing much I'd probably notice anyway.

I guess I have to stress I'm not your average user. I know what I know, and also what I don't know. I do use a variety of other non-intrusive risk mitigation methods. Certainly I couldn't suggest everyone do what I do! I still believe that reports of risks are far over hyped.

I've read some Hakin9 magazines and they are quite eye opening. Unless you do some packet filtering on a separate device on the network, you probably won't know what's being sent. Just a tiny payload, hidden in a URL (GET parameters) containing your credit card information.

So no, I wouldn't call the risks overhyped. However, by using anything but Internet Explorer, blocking Flash by default (and possibly NoScript if you're serious) you are 99% protected.

_________________I take pictures so quickly, my highschool was "Continuous High".
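
The check a separate filtering device could run for the pattern described in the post above (card data leaving in GET parameters), as an added example that is not part of the original thread. It assumes a plaintext or TLS-inspecting proxy log with `client method url` per line; the log lines, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed proxy log lines (client, method, URL); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 GET http://news.example/article?id=1234567890123456
10.0.0.7 GET http://tracker.example/p.gif?u=77&d=4111%201111%201111%201111
10.0.0.7 GET http://shop.example/search?q=camera+lens&page=2
10.0.0.9 GET http://cdn.example/i.png?v=4539-1488-0343-6467
"""

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out most long numbers that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_like_params(log_text: str):
    """Return (client, host, parameter) for each query value holding a
    Luhn-valid 13-19 digit number. The number itself is never recorded."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip malformed lines
        client, _method, url = parts
        split = urlsplit(url)
        # parse_qsl percent-decodes values, so %20-separated digits are seen
        for name, value in parse_qsl(split.query, keep_blank_values=True):
            for m in CANDIDATE.finditer(value):
                digits = re.sub(r"\D", "", m.group())
                if luhn_ok(digits):
                    hits.append((client, split.hostname, name))
    return hits

if __name__ == "__main__":
    for hit in find_card_like_params(SAMPLE_LOG):
        print("possible card number in GET parameter:", hit)
```

The first sample line is a 16-digit article id that fails the checksum and is not reported. A value that is encoded or encrypted before being placed in the URL will not match, so this complements rather than replaces egress filtering.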